Based on this question & answer "How to retrieve unique count of a field using Kibana + Elastic Search" I have been able to collect the individual count of the unique IP addresses from our Apache logs, however, What I actually want to do is to be able to display the count of the individual IP addresses, i.e. how many unique visitors.
I think I need to use the terms_stats facet to do this but I don't know what to set as the "value_field"
This is not possible with the current version of the kibana.
but i have what i did to achieve this is created the custom histogram panel.
to create the custom histogram panel, just copy the existing histogram and modify config.js, module.js to change all the path references to the new panel.
override the doSearch function to use the query http://www.elasticsearch.org/blog/count-elasticsearch/
and update the results parsing logic.
look for function
b.get_data = function(a, j, k)
return b.populate_modal(n), p = n.doSearch(), p.then(function(c) {
if (b.panelMeta.loading = !1, 0 === j && (b.legend = [], b.hits = 0, a = [], b.annotations = [], k = b.query_id = (new Date).getTime()), d.isUndefined(c.error)) {
if (b.query_id === k) {
var i, n, p, q = 0;
o = JSON.parse("[{\"query\":\"*\",\"alias\":\"\",\"color\":\"#7EB26D\",\"id\":0,\"pin\":false,\"type\":\"lucene\",\"enable\":true,\"parent\" : 0}]");
d.each(o, function(e) {
//alert(JSON.stringify(c));
//var f = c.aggregations.monthly.buckets[e.id];
if (d.isUndefined(a[q]) || 0 === j) {
var h = {interval: m,start_date: l && l.from,end_date: l && l.to,fill_style: b.panel.derivative ? "null" : b.panel.zerofill ? "minimal" : "no"};
i = new g.ZeroFilled(h), n = 0, p = {}
} else
i = a[q].time_series, n = a[q].hits, p = a[q].counters;
d.each(c.aggregations.monthly.buckets, function(a) {
var c;
n += a.visitor_count.value, b.hits += a.visitor_count.value, p[a.key] = (p[a.key] || 0) + a.visitor_count.value, "count" === b.panel.mode ? c = (i._data[a.key] || 0) + a.visitor_count.value : "mean" === b.panel.mode ? c = ((i._data[a.key] || 0) * (p[a.key] - a.visitor_count.value) + a.mean * a.visitor_count.value) / p[a.key] : "min" === b.panel.mode ? c = d.isUndefined(i._data[a.key]) ? a.min : i._data[a.key] < a.min ? i._data[a.key] : a.min : "max" === b.panel.mode ? c = d.isUndefined(i._data[a.key]) ? a.max : i._data[a.key] > a.max ? i._data[a.key] : a.max : "total" === b.panel.mode && (c = (i._data[a.key] || 0) + a.total), i.addValue(a.key, c)
}), b.legend[q] = {query: e,hits: n}, a[q] = {info: e,time_series: i,hits: n,counters: p}, q++
}), b.panel.annotate.enable && (b.annotations = b.annotations.concat(d.map(c.hits.hits, function(a) {
var c = d.omit(a, "_source", "sort", "_score"), g = d.extend(e.flatten_json(a._source), c);
return {min: a.sort[1],max: a.sort[1],eventType: "annotation",title: null,description: "<small><i class='icon-tag icon-flip-vertical'></i> " + g[b.panel.annotate.field] + "</small><br>" + f(a.sort[1]).format("YYYY-MM-DD HH:mm:ss"),score: a.sort[0]}
})), b.annotations = d.sortBy(b.annotations, function(a) {
return a.score * ("desc" === b.panel.annotate.sort[1] ? -1 : 1)
}), b.annotations = b.annotations.slice(0, b.panel.annotate.size))
}
} else
b.panel.error = b.parse_error(c.error);
b.$emit("render", a), j < h.indices.length - 1 && b.get_data(a, j + 1, k)
})
